netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs

A flaw was found in Netty's DNS resolver component. This vulnerability arises from the use of a predictable pseudo-random number generator PRNG for DNS transaction IDs and a static User Datagram Protocol UDP source port. This combination significantly reduces the randomness of DNS queries, making...

EUVD-2026-36445

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

CVE-2026-45673

Technical details are not publicly provided in the supplied connected documents. Monitor for updates on the Netty DNS-related vulnerability (CVE-2026-45673) and any published remediation.

PT-2026-47609

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description The DNS resolver in the io.netty.resolver.dns module uses a predictable Pseudo-Random Number Generator PRNG for generating DNS transaction IDs and defaults ...

CVE-2026-28810

CVE-2026-28810 affects the Erlang/OTP kernel built-in DNS resolver (inet_res) and its inet_db module. The issue arises from a 16-bit, process-global transaction ID used for UDP queries and the absence of source port randomization, making DNS responses vulnerable to spoofing and cache poisoning wh...

EEF-CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Summary Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomizatio...

Juju 安全漏洞

Juju is a canonical Juju open-source application orchestration engine. Versions of Juju from 3.0.0 to 3.6.18 contained security vulnerabilities. These vulnerabilities stemmed from the fact that key owners relied solely on predictable XID verifications for determining ownership. This could allow...

EulerOS 2.0 SP10 : avahi (EulerOS-SA-2026-1301)

According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after...

EulerOS Virtualization 2.10.1 : avahi (EulerOS-SA-2026-1529)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them...

EulerOS 2.0 SP12 : avahi (EulerOS-SA-2026-1061)

According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS...

EulerOS 2.0 SP12 : avahi (EulerOS-SA-2026-1081)

According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS...

CVE-2023-31442

In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...

EulerOS Virtualization 2.13.1 : avahi (EulerOS-SA-2025-2619)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992630)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992630 advisory. In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario In case of interrupt delay...

EulerOS 2.0 SP13 : avahi (EulerOS-SA-2025-2514)

According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS...

Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers

Summary The GoCardless components in Actualbudget in are logging responses to STDOUT in a parsed format using console.logand console.debug Which in this version of node is an alias for console.log. This is exposing sensitive information in log files including, but not limited to: - Gocardless...

CVE-2025-11728 Oceanpayment CreditCard Gateway <= 6.0 - Missing Authentication to Unauthenticated Order Status Update

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...

avahi security update

An update is available for avahi. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Avahi is an implementation of the DNS Service Discovery and Multicast DNS...

TencentOS Server 4: avahi (TSSA-2025:0544)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0544 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

unbound: Unbound Cache poisoning

A cache poisoning flaw was found in Unbound. Resolvers supporting EDNS Client Subnet ECS must segregate outgoing queries to accommodate different outgoing ECS information. This issue reopens resolvers to a birthday paradox attack, known as the Rebirthday Attack, which attempts to match the DNS...